CVE-2013-4291
EPSS 0.05%
Description
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read a uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
How to fix CVE-2013-4291
To remediate CVE-2013-4291, upgrade the affected package to the fixed version listed below.
- Debian/libvirt: upgrade to 1.1.2-2 or later
Is CVE-2013-4291 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.1.2-2